Re: [Mailman-Users] Mailman Hosting

2016-12-22 Thread Mark Dale 

Thanks for the suggestion on the mailop list Jim.

Verizon began accepting mail again for lists on the European server 
about 6 hours ago.


No light was shed as to why or what changed their view. Not only Verizon 
but AT&T as well, at around the same time - a little puzzle that's 
probably best left alone.


It may be that their default position is to block all list mail 
regardless - until they get swamped with complaints.


I've subscribed to the mailop list as you suggest, and if I learn 
anything relevant to this issue I'll post it back here.


Thanks,
Mark




 MailmanLists - hosted discussion lists
 Canberra, Australia
 Tel: +61 .2 61003121
 http://www.mailmanlists.net
===

On 22/12/16 16:15, Jim Popovitch wrote:

On Wed, Dec 21, 2016 at 11:42 PM, Mark Dale  wrote:

...

All the DNS records (inc SPF, DKIM) are in place, the server is on no RBLs,
con-current connections to the recieving mail servers is set at 2 in
Postfix. In short, all the right boxes are ticked as far as we can see.

Point noted about the time needed to build a good IP reputation. In light of
that, we moved the list to our old established server in Europe. It has a
SenderScore of 99, and of course all the same boxes are ticked. Verizon
still rejected list mail.

...




A good place to start is on the mailop list, explain your company and
sign-up practices/filtering, etc.  Be open and ask for specific reps
to contact you offline if necessary.  You may get some awesome help,
although this close to the holidays your message may not hit the right
people until next year.

https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] edit confirmation request?

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 03:51 PM, Dave Stevens wrote:
> 
> I'd like them to only have the option to reply in order to confirm. I
> don't see a way to edit the confirmation email's text or,
> alternatively, to turn off the clickthrough option for new
> subscriptions.


Beginning with Mailman 2.1.23, the "Request to confirm subscription"
template has been added to those that can be edited through the web
admin "Edit the public HTML pages and text files" link.

For older Mailman, you need access to the Mailan server to make a list
specific version of the verify.txt template. See
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 04:05 PM, Jim Popovitch wrote:
> 
> Just to be clear, the bots are doing a GET of the listinfo page,
> extracting the token, and then (mis)forming the GET URL like this:
> 
> 89.32.127.178 - - [22/Dec/2016:23:53:29 +] "GET
> /mailman/listinfo/users HTTP/1.1" 200 2866 "-" "Mozilla/5.0 (Windows
> NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> 89.32.127.178 - - [22/Dec/2016:23:53:32 +] "GET
> /subscribe/users?sub_form_token=2351250719%3A8d5271a8d26c4cdd37040d7a7f37efb977e93d07&email=candice.cheng%40gmail.com&fullname=585c673c4eaac&pw=&pw-conf=&digest=1&email-button=candice.cheng%40gmail.com&language=en&?sub_form_token=2351250719%3A8d5271a8d26c4cdd37040d7a7f37efb977e93d07&email=candice.cheng%40gmail.com&fullname=585c673c4eaac&pw=&pw-conf=&digest=1&email-button=candice.cheng%40gmail.com&language=en&&sub_form_token=2351250719%3A8d5271a8d26c4cdd37040d7a7f37efb977e93d07&email=candice.cheng%40gmail.com&fullname=585c673c4eaac&pw=&pw-conf=&digest=1&email-button=candice.cheng%40gmail.com&language=en&
> HTTP/1.1" 404 162 "http://netcoolusers.org/"; "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
> 
> I suspect, the bot is requesting ../subscribe and that nginx is just
> striping the leading dots off the request (totally not sure about this
> though).


I suspect that's correct. The bottom line however is that there are
already botnets out there that are smart enough the do the right things
to get past the checks of GETting the form first with the hidden token
and delaying sufficiently before POSTing to the right URL.

I can see that if your attackers get smarter, the real name check could
be useful, but I'm not ready to add that as a feature. That could change
if they successfully attack me, but that hasn't happened yet.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] edit confirmation request?

2016-12-22 Thread Dave Stevens 
I have a potentially large subset of users for a new list whose
firm will make difficulties about them clicking on a link in Mailman's 
confirmation request email. 

I'd like them to only have the option to reply in order to confirm. I
don't see a way to edit the confirmation email's text or,
alternatively, to turn off the clickthrough option for new
subscriptions.

Anyone know how to do this?

D


-- 
Reporter to Mahatma Ghandi after his tour of east London
"What do you think of western civilization, Mr. Ghandi?"
Ghandi - "I think it would be an excellent idea!"

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 03:07 PM, Caesar Samsi wrote:
> Alright I'm stuck here now, been trolling google … haven’t found a clue yet.
> 
> Dec 22 15:02:22 localhost postfix/smtpd[7643]: NOQUEUE: reject: RCPT from 
> 0-46.static.highlandsfibernetwork.com[216.9.0.46]: 550 5.1.1 
> mailto:te...@yugi.us>>: Recipient address rejected: User 
> unknown in virtual mailbox table; from= to= 
> proto=ESMTP helo=


As Jim P. said, you may need

virtual_alias_domains = yugi.us

in Postfix main.cf, although this may conflict with your
virtual_mailbox_domains.

You need to figure out what domains you want to use for what purposes,
and how you want to deliver to Mailman.

Also, look at your data/virtual-mailman. Is the mapping there like

te...@yugi.ustest2@localhost
...

or is it

te...@mail.yugi.ustest2@localhost

If the latter, you have to post to te...@mail.yugi.us, not te...@yugi.us
or fix your list's host names and rerun genaliases.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Jim Popovitch 
On Thu, Dec 22, 2016 at 6:55 PM, Mark Sapiro  wrote:
> On 12/22/2016 03:38 PM, Jim Popovitch wrote:
>>
>> I'm seeing GET attempts like this:
>>
>> 77.247.181.165 - - [22/Dec/2016:23:30:10 +] "GET
>> /subscribe/users?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&&sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&
>> HTTP/1.1" 404 162 "http://netcoolusers.org/"; "Mozilla/5.0 (Windows NT
>> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
>
>
> OK. I see how limiting the subscribe CGI to POST requests would stop
> these, but I haven't seen any attacks like this. In the ones I've seen,
> the bot GETs the form via listinfo and then delays and POSTs to
> subscribe as described in the part of my post in this thread you didn't
> quote.

Just to be clear, the bots are doing a GET of the listinfo page,
extracting the token, and then (mis)forming the GET URL like this:

89.32.127.178 - - [22/Dec/2016:23:53:29 +] "GET
/mailman/listinfo/users HTTP/1.1" 200 2866 "-" "Mozilla/5.0 (Windows
NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
89.32.127.178 - - [22/Dec/2016:23:53:32 +] "GET
/subscribe/users?sub_form_token=2351250719%3A8d5271a8d26c4cdd37040d7a7f37efb977e93d07&email=candice.cheng%40gmail.com&fullname=585c673c4eaac&pw=&pw-conf=&digest=1&email-button=candice.cheng%40gmail.com&language=en&?sub_form_token=2351250719%3A8d5271a8d26c4cdd37040d7a7f37efb977e93d07&email=candice.cheng%40gmail.com&fullname=585c673c4eaac&pw=&pw-conf=&digest=1&email-button=candice.cheng%40gmail.com&language=en&&sub_form_token=2351250719%3A8d5271a8d26c4cdd37040d7a7f37efb977e93d07&email=candice.cheng%40gmail.com&fullname=585c673c4eaac&pw=&pw-conf=&digest=1&email-button=candice.cheng%40gmail.com&language=en&
HTTP/1.1" 404 162 "http://netcoolusers.org/"; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"

I suspect, the bot is requesting ../subscribe and that nginx is just
striping the leading dots off the request (totally not sure about this
though).

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 03:38 PM, Jim Popovitch wrote:
> 
> I'm seeing GET attempts like this:
> 
> 77.247.181.165 - - [22/Dec/2016:23:30:10 +] "GET
> /subscribe/users?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&&sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&
> HTTP/1.1" 404 162 "http://netcoolusers.org/"; "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"


OK. I see how limiting the subscribe CGI to POST requests would stop
these, but I haven't seen any attacks like this. In the ones I've seen,
the bot GETs the form via listinfo and then delays and POSTs to
subscribe as described in the part of my post in this thread you didn't
quote.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 01:53 PM, Jim Popovitch wrote:
> 
> I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
> to implement the same (or some field validation logic) for the
> "fullname" field of the subscription page.   I'm still seeing a ton of
> subscribe spam attempts, and the fullname field is consistently not a
> text name.
> 
>>From nginx log:
> 
> ...sa...@apexgolfcarts.com&fullname=58562fbb70e22...
> ...elle...@hotmail.com&fullname=5856315b5b695...
> ...scottpickup2...@gmail.com&fullname=5856372a4e2f1...
> ...vanes...@live.com&fullname=58563aa6664bf...
> ...mea...@meaganlucyphoto.con&fullname=58563ab925ac7...
> ...saramardam...@gmail.com&fullname=58564566dc31b...
> ...dotthomas...@yahoo.com&fullname=5856456df0b96...
> ...scottpickup2...@gmail.com&fullname=58564b85ccf98...


If you only want to target user subscribes and not things like admin
mass subscribes and invitations, you could modify Mailman/MailList.py in
the AddMember() method around line 894

pattern = self.GetBannedPattern(email)

change that to

pattern = (self.GetBannedPattern(email) or
   self.GetBannedPattern(realname))

Then you could add patterns like, e.g., '^[0-9af]{10,}' to the
GLOBAL_BAN_LIST to match those real names.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Jim Popovitch 
On Thu, Dec 22, 2016 at 6:26 PM, Mark Sapiro  wrote:
> On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>>
>> I think i have a better solution, (but I'm not so sure how to do this
>> in Apache).  In Nginx you can use "limit_except PUT { deny  all; }"
>> to deny the spambot GET attempts.
>
> in apache 2.4 you would do
>
> 
>   Require all denied
> 
> Require all granted
>
> but how does this help? No one, including bots GETs the subscribe CGI,
> and subscription is via POST, not PUT.

Indeed, POST, not PUT.  I have POST in my config, but the docs that I
saw (which I copied to here) used PUT.

> The scenario is the same for bots and humans. GET the listinfo CGI with
> the hidden token and then POST the form to the subscribe CGI. I don't
> see how you can block one without blocking the other.

I'm seeing GET attempts like this:

77.247.181.165 - - [22/Dec/2016:23:30:10 +] "GET
/subscribe/users?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&&sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&
HTTP/1.1" 404 162 "http://netcoolusers.org/"; "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"

Although those are failing because they are hitting /subscribe, but if
they ever tweak the bots it could get ugly fast without some
mitigation.

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 03:01 PM, Jim Popovitch wrote:
> 
> I think i have a better solution, (but I'm not so sure how to do this
> in Apache).  In Nginx you can use "limit_except PUT { deny  all; }"
> to deny the spambot GET attempts.

in apache 2.4 you would do


  Require all denied

Require all granted

but how does this help? No one, including bots GETs the subscribe CGI,
and subscription is via POST, not PUT.

The scenario is the same for bots and humans. GET the listinfo CGI with
the hidden token and then POST the form to the subscribe CGI. I don't
see how you can block one without blocking the other.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Jim Popovitch 
On Thu, Dec 22, 2016 at 6:07 PM, Caesar Samsi  wrote:
> Alright I'm stuck here now, been trolling google … haven’t found a clue yet.
>
> Dec 22 15:02:22 localhost postfix/smtpd[7643]: NOQUEUE: reject: RCPT from 
> 0-46.static.highlandsfibernetwork.com[216.9.0.46]:
>  550 5.1.1 mailto:te...@yugi.us>>: Recipient address rejected: 
> User unknown in virtual mailbox table; 
> from=mailto:cae...@samsi.us>> 
> to=mailto:te...@yugi.us>> proto=ESMTP 
> helo=http://mail.samsi.us>>


I could be wrong, but I didn't see virtual_alias_domains defined in
your main.cf.  That needs to be defined in order for
virtual_alias_maps to be relevant.

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
Alright I'm stuck here now, been trolling google … haven’t found a clue yet.

Dec 22 15:02:22 localhost postfix/smtpd[7643]: NOQUEUE: reject: RCPT from 
0-46.static.highlandsfibernetwork.com[216.9.0.46]:
 550 5.1.1 mailto:te...@yugi.us>>: Recipient address rejected: 
User unknown in virtual mailbox table; 
from=mailto:cae...@samsi.us>> 
to=mailto:te...@yugi.us>> proto=ESMTP 
helo=http://mail.samsi.us>>

On Dec 22, 2016, at 2:36 PM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:

Alright here is my postfix config, hope there’s something useful in there.

alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
myhostname = mail.yugi.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/hostname
readme_directory = no
recipient_delimiter = +
smtp_helo_timeout = 60s
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client 
sbl.spamhaus.org, reject_rbl_client 
blackholes.easynet.nl
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject 
reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, 
permit_sasl_authenticated, reject_non_fqdn_recipient, 
reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, 
permit_sasl_authenticated, reject_non_fqdn_recipient, 
reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_virtual_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, 
reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, 
warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, 
reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, 
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, 
mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf, 
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, 
mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:150

On Dec 22, 2016, at 1:41 PM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:

I was missing this step from: 
https://help.ubuntu.com/community/Mailman#Postfix_Configuration


Associate the domain 
lists.example.com to the 
mailman transport with the transport map. Edit the file /etc/postfix/transport:

lists.example.com  
mailman:

Of course I replaced 
list.example.com with 
mail.yugi.us

Got further: I ran genaliases after that and virtual-mailman and 
virtual-mailman.db showed up in /var/lib/mailman/data woo hoo!

I test sent to mail...@yugi.us 
and got in /var/log/mail.log:
Dec 22 13:39:32 localhost postfix/smtpd[3566]: NOQUEUE: reject: RCPT from 
0-46.static.highlandsfibernetwork.com[216.9.0.46]:
 550 5.1.1 mailto:mail...@yugi.us>>: 
Recipient address rejected: User unkno

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Jim Popovitch 
On Thu, Dec 22, 2016 at 4:53 PM, Jim Popovitch  wrote:
> On Tue, Dec 13, 2016 at 12:35 PM, Mark Sapiro  wrote:
>>
>> Steve has answered most of this. I just want to add a couple of things.
>> With respect to web subscribes, several sites including python.org have
>> seen mail bomb attacks via the web subscribe interface.
>>
>> These are subscribes via the web UI by distributed bots that are "smart"
>> enough to GET the form  and delay tens of seconds before POSTing it. The
>> most recent attacks have been multiple subscribes to multiple lists of
>> some gmail.com address with various permutations of dots (ignored by
>> gmail) interspersed in the local part. The most recent attack on
>> mail.python.org subscribed addresses that matched
>>
>>   '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com
>
> I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
> to implement the same (or some field validation logic) for the
> "fullname" field of the subscription page.   I'm still seeing a ton of
> subscribe spam attempts, and the fullname field is consistently not a
> text name.
>

I think i have a better solution, (but I'm not so sure how to do this
in Apache).  In Nginx you can use "limit_except PUT { deny  all; }"
to deny the spambot GET attempts.

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
Alright here is my postfix config, hope there’s something useful in there.

alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
myhostname = mail.yugi.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/hostname
readme_directory = no
recipient_delimiter = +
smtp_helo_timeout = 60s
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, 
reject_rbl_client blackholes.easynet.nl
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject 
reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, 
permit_sasl_authenticated, reject_non_fqdn_recipient, 
reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_relay_restrictions = reject_unauth_pipelining, permit_mynetworks, 
permit_sasl_authenticated, reject_non_fqdn_recipient, 
reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_virtual_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, 
reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, 
warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, 
reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, 
EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, 
mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf, 
hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, 
mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:150

> On Dec 22, 2016, at 1:41 PM, Caesar Samsi  wrote:
> 
> I was missing this step from: 
> https://help.ubuntu.com/community/Mailman#Postfix_Configuration
> 
> 
> Associate the domain lists.example.com to the 
> mailman transport with the transport map. Edit the file 
> /etc/postfix/transport:
> 
> lists.example.com  mailman:
> 
> Of course I replaced list.example.com with 
> mail.yugi.us
> 
> Got further: I ran genaliases after that and virtual-mailman and 
> virtual-mailman.db showed up in /var/lib/mailman/data woo hoo!
> 
> I test sent to mail...@yugi.us and got in 
> /var/log/mail.log:
> Dec 22 13:39:32 localhost postfix/smtpd[3566]: NOQUEUE: reject: RCPT from 
> 0-46.static.highlandsfibernetwork.com[216.9.0.46]:
>  550 5.1.1 mailto:mail...@yugi.us>>: Recipient address 
> rejected: User unknown in virtual mailbox table; 
> from=mailto:cae...@samsi.us>> 
> to=mailto:mail...@yugi.us>> proto=ESMTP 
> helo=http://mail.samsi.us>>
> 
> On Dec 22, 2016, at 1:29 PM, Mark Sapiro 
> mailto:m...@msapiro.net>> wrote:
> 
> On 12/22/2016 01:21 PM, Caesar Samsi wrote:
> 
> I’ve also added:
> 
> POSTFIX_STYLE_VIRTUAL_DOMAINS = 
> ['yugi.us','mail.yugi.us']
> VIRTUAL_MAILMAN_LOCAL_DOMAIN = ‘localhost'
> 
> Restarted mailman, postfix, and apache2.
> 
> I still get in /var/log/mail.log
> 
> Dec 22 12:17:50 localhost postfix/trivial-rewrite[6456]: warning: 
> hash:/var/lib/mailman/data/virtual-mailman is unavailable. open database 
> /var/lib/mailman/data/virtual-mailman.db: No such file or directory
> 
> 
> Did you run genaliases?
> 
> --
> Mark

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-22 Thread Jim Popovitch 
On Tue, Dec 13, 2016 at 12:35 PM, Mark Sapiro  wrote:
>
> Steve has answered most of this. I just want to add a couple of things.
> With respect to web subscribes, several sites including python.org have
> seen mail bomb attacks via the web subscribe interface.
>
> These are subscribes via the web UI by distributed bots that are "smart"
> enough to GET the form  and delay tens of seconds before POSTing it. The
> most recent attacks have been multiple subscribes to multiple lists of
> some gmail.com address with various permutations of dots (ignored by
> gmail) interspersed in the local part. The most recent attack on
> mail.python.org subscribed addresses that matched
>
>   '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com

I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
to implement the same (or some field validation logic) for the
"fullname" field of the subscription page.   I'm still seeing a ton of
subscribe spam attempts, and the fullname field is consistently not a
text name.

>From nginx log:

...sa...@apexgolfcarts.com&fullname=58562fbb70e22...
...elle...@hotmail.com&fullname=5856315b5b695...
...scottpickup2...@gmail.com&fullname=5856372a4e2f1...
...vanes...@live.com&fullname=58563aa6664bf...
...mea...@meaganlucyphoto.con&fullname=58563ab925ac7...
...saramardam...@gmail.com&fullname=58564566dc31b...
...dotthomas...@yahoo.com&fullname=5856456df0b96...
...scottpickup2...@gmail.com&fullname=58564b85ccf98...


-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
I was missing this step from: 
https://help.ubuntu.com/community/Mailman#Postfix_Configuration


Associate the domain lists.example.com to the mailman 
transport with the transport map. Edit the file /etc/postfix/transport:

lists.example.com  mailman:

Of course I replaced list.example.com with 
mail.yugi.us

Got further: I ran genaliases after that and virtual-mailman and 
virtual-mailman.db showed up in /var/lib/mailman/data woo hoo!

I test sent to mail...@yugi.us and got in 
/var/log/mail.log:
Dec 22 13:39:32 localhost postfix/smtpd[3566]: NOQUEUE: reject: RCPT from 
0-46.static.highlandsfibernetwork.com[216.9.0.46]:
 550 5.1.1 mailto:mail...@yugi.us>>: Recipient address 
rejected: User unknown in virtual mailbox table; 
from=mailto:cae...@samsi.us>> 
to=mailto:mail...@yugi.us>> proto=ESMTP 
helo=http://mail.samsi.us>>

On Dec 22, 2016, at 1:29 PM, Mark Sapiro 
mailto:m...@msapiro.net>> wrote:

On 12/22/2016 01:21 PM, Caesar Samsi wrote:

I’ve also added:

POSTFIX_STYLE_VIRTUAL_DOMAINS = 
['yugi.us','mail.yugi.us']
VIRTUAL_MAILMAN_LOCAL_DOMAIN = ‘localhost'

Restarted mailman, postfix, and apache2.

I still get in /var/log/mail.log

Dec 22 12:17:50 localhost postfix/trivial-rewrite[6456]: warning: 
hash:/var/lib/mailman/data/virtual-mailman is unavailable. open database 
/var/lib/mailman/data/virtual-mailman.db: No such file or directory


Did you run genaliases?

--
Mark Sapiro mailto:m...@msapiro.net>>The highway is 
for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list 
Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/cmsamsi%40hotmail.com

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
[adding list back for archive]

I’ve also added:

POSTFIX_STYLE_VIRTUAL_DOMAINS = 
['yugi.us','mail.yugi.us']
VIRTUAL_MAILMAN_LOCAL_DOMAIN = ‘localhost'

Restarted mailman, postfix, and apache2.

I still get in /var/log/mail.log

Dec 22 12:17:50 localhost postfix/trivial-rewrite[6456]: warning: 
hash:/var/lib/mailman/data/virtual-mailman is unavailable. open database 
/var/lib/mailman/data/virtual-mailman.db: No such file or directory


On Dec 22, 2016, at 12:10 PM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:

It’s mail.yugi.us

On Dec 22, 2016, at 12:06 PM, Mark Sapiro 
mailto:m...@msapiro.net>> wrote:

On 12/22/2016 11:24 AM, Caesar Samsi wrote:
*What is the value of the list's host_name attribute (near the bottom of
the list's web admin General Options page).
*

Overview of all yugi.us mailing lists



Go to , log in and scroll
down until you see

Host name this list prefers for email.
(Details for host_name)

(about 5 settings from the bottom).  What is that set to?


*What's in mm_cfg.py? (Make sure you're looking at the correct one.)*
...
#-
# Default domain for email addresses of newly created MLs
DEFAULT_EMAIL_HOST = 'yugi.us'
#-
# Default host for web interface of newly created MLs
DEFAULT_URL_HOST   = 'yugi.us'
#-
# Required when setting any of its arguments.
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)


You are missing POSTFIX_STYLE_VIRTUAL_DOMAINS. See

which says in part

POSTFIX_STYLE_VIRTUAL_DOMAINS = ['yugi.us']

If you want to generate data/virtual-mailman for lists in the
mail.yugi.us email domain, this should be

POSTFIX_STYLE_VIRTUAL_DOMAINS = ['mail.yugi.us']

or

POSTFIX_STYLE_VIRTUAL_DOMAINS = ['yugi.us', 
'mail.yugi.us']

if you want both.

--
Mark Sapiro mailto:m...@msapiro.net>>The highway is 
for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 01:21 PM, Caesar Samsi wrote:
> 
> I’ve also added:
> 
> POSTFIX_STYLE_VIRTUAL_DOMAINS = ['yugi.us','mail.yugi.us']
> VIRTUAL_MAILMAN_LOCAL_DOMAIN = ‘localhost'
> 
> Restarted mailman, postfix, and apache2.
> 
> I still get in /var/log/mail.log
> 
> Dec 22 12:17:50 localhost postfix/trivial-rewrite[6456]: warning: 
> hash:/var/lib/mailman/data/virtual-mailman is unavailable. open database 
> /var/lib/mailman/data/virtual-mailman.db: No such file or directory


Did you run genaliases?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 11:24 AM, Caesar Samsi wrote:
>> *What is the value of the list's host_name attribute (near the bottom of
>> the list's web admin General Options page).
>> *
> 
> Overview of all yugi.us mailing lists
> 


Go to , log in and scroll
down until you see

Host name this list prefers for email.
(Details for host_name)

(about 5 settings from the bottom).  What is that set to?


> *What's in mm_cfg.py? (Make sure you're looking at the correct one.)*
...
> #-
> # Default domain for email addresses of newly created MLs
> DEFAULT_EMAIL_HOST = 'yugi.us'
> #-
> # Default host for web interface of newly created MLs
> DEFAULT_URL_HOST   = 'yugi.us'
> #-
> # Required when setting any of its arguments.
> add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)


You are missing POSTFIX_STYLE_VIRTUAL_DOMAINS. See

which says in part

>> POSTFIX_STYLE_VIRTUAL_DOMAINS = ['yugi.us']
> 
> If you want to generate data/virtual-mailman for lists in the
> mail.yugi.us email domain, this should be
> 
> POSTFIX_STYLE_VIRTUAL_DOMAINS = ['mail.yugi.us']
> 
> or
> 
> POSTFIX_STYLE_VIRTUAL_DOMAINS = ['yugi.us', 'mail.yugi.us']
> 
> if you want both.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Tiny itty bitty bug

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 11:55 AM, Caesar Samsi wrote:
> If you go to your mailing list’s admin page. At the very bottom, the domain 
> name is missing the very fist dot:
> 
> Overview of all mailyugi.us mailing lists
> 
> It should be mail.yugi.us


This is due to a misconfiguration on your part. See

which says in part:

>> ...
>> #-
>> # Default domain for email addresses of newly created MLs
>> DEFAULT_EMAIL_HOST = 'mailyugi.us'
> 
> Missing a dot - 'mail.yugi.us'

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Tiny itty bitty bug

2016-12-22 Thread Caesar Samsi 
Actually my bug … 

On Dec 22, 2016, at 11:55 AM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:

If you go to your mailing list’s admin page. At the very bottom, the domain 
name is missing the very fist dot:

Overview of all mailyugi.us mailing lists

It should be mail.yugi.us

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Tiny itty bitty bug

2016-12-22 Thread Caesar Samsi 
If you go to your mailing list’s admin page. At the very bottom, the domain 
name is missing the very fist dot:

Overview of all mailyugi.us mailing lists

It should be mail.yugi.us
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
What is the value of the list's host_name attribute (near the bottom of
the list's web admin General Options page).


Overview of all yugi.us mailing lists

What's in mm_cfg.py? (Make sure you're looking at the correct one.)

/etc/mailman/mm_cfg.py (installed by the package), there is no 
/usr/local/mailman directory
# -*- python -*-

# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA


"""This is the module which takes your site-specific settings.

From a raw distribution it should be copied to mm_cfg.py.  If you
already have an mm_cfg.py, be careful to add in only the new settings
you want.  The complete set of distributed defaults, with annotation,
are in ./Defaults.  In mm_cfg, override only those you want to
change, after the

  from Defaults import *

line (see below).

Note that these are just default settings - many can be overridden via the
admin and user interfaces on a per-list or per-user basis.

Note also that some of the settings are resolved against the active list
setting by using the value as a format string against the
list-instance-object's dictionary - see the distributed value of
DEFAULT_MSG_FOOTER for an example."""


###
#Here's where we get the distributed defaults.#

from Defaults import *

##
# Put YOUR site-specific configuration below, in mm_cfg.py . #
# See Defaults.py for explanations of the values.#

#-
# The name of the list Mailman uses to send password reminders
# and similar. Don't change if you want mailman-owner to be
# a valid local part.
MAILMAN_SITE_LIST = 'mailman'

#-
# If you change these, you have to configure your http server
# accordingly (Alias and ScriptAlias directives in most httpds)
DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
IMAGE_LOGOS = '/images/mailman/'

#-
# Default domain for email addresses of newly created MLs
DEFAULT_EMAIL_HOST = 'yugi.us'
#-
# Default host for web interface of newly created MLs
DEFAULT_URL_HOST   = 'yugi.us'
#-
# Required when setting any of its arguments.
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)

#-
# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'en'

#-
# Iirc this was used in pre 2.1, leave it for now
USE_ENVELOPE_SENDER= 0  # Still used?

#-
# Unset send_reminders on newly created lists
DEFAULT_SEND_REMINDERS = 0

#-
# Uncomment this if you configured your MTA such that it
# automatically recognizes newly created lists.
# (see /usr/share/doc/mailman/README.Exim4.Debian or
# /usr/share/mailman/postfix-to-mailman.py)
# MTA=None   # Misnomer, suppresses alias output on newlist

#-
# Uncomment if you use Postfix virtual domains (but not
# postfix-to-mailman.py), but be sure to see
# /usr/share/doc/mailman/README.Debian first.
MTA='Postfix'

#-
# Uncomment if you want to filter mail with SpamAssassin. For
# more information please visit this website:
# http://www.jamesh.id.au/articles/mailman-spamassassin/
# GLOBAL_PIPELINE.insert(1, 'SpamAssassin')

# Note - if you're looking for something that is imported from mm_cfg, but you
# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py.


On Dec 22, 2016, at 11:17 AM, Mark Sapiro 
mailto:m...@msapiro.net>> wrote:

On 12/22/2016 10:47 AM, Caesar Samsi wrote:
OK debugging further it turns out /var/lib/mailman/data/virtualman and
virtualman.db is no longer there …

   Dec 22 10:42:24 localhost postfix/trivial-rewrite[4960]: warning:
   virtual

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 10:47 AM, Caesar Samsi wrote:
> OK debugging further it turns out /var/lib/mailman/data/virtualman and
> virtualman.db is no longer there …
> 
> Dec 22 10:42:24 localhost postfix/trivial-rewrite[4960]: warning:
> virtual_alias_
> domains: hash:/var/lib/mailman/data/virtual-mailman: table lookup
> problem


What's in mm_cfg.py? (Make sure you're looking at the correct one.)

What is the value of the list's host_name attribute (near the bottom of
the list's web admin General Options page).

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Fwd: Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 10:19 AM, Caesar Samsi wrote:
> 
> I’m starting from scratch but with the 2.1.23 mailman package found
> here: http://packages.ubuntu.com/zesty/mailman I took the amd64 .deb
> package http://packages.ubuntu.com/zesty/amd64/mailman/download.
...
> Note that Postfix services virtual domain. 
> 
> Now I
> follow: 
> https://www.gnu.org/software/mailman/mailman-install/postfix-virtual.html


This is for a source install. While some of it is relevant, your package
also installed a bunch of things in /usr/share/doc/mailman/, in
particular, /usr/share/doc/mailman/README.Debian. Have you read that?

...
> I added, from one of my previous install I had a file called
> /etc/postfix/transport with the content of:
> mail.yugi.us mailman:


This is for postfix_to_mailman.py. See .


...
>> Dec 22 09:50:05 mail postfix/smtp[6025]: 6C0733FC22:
>> to=,
>> relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=0.1/0.03/0.01/2.5,
>> dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025):
>> 250 2.0.0 Ok: queued as DCB473FC72)
> 
>> Dec 22 09:50:05 mail postfix/qmgr[5982]: 6C0733FC22: removed
>>
>> Dec 22 09:50:05 mail postfix/smtp[6031]: DCB473FC72:
>> to=, relay=yugi.us
>> [216.9.1.153]:25, delay=0.52,
>> delays=0.06/0.03/0.07/0.35, dsn=4.3.0, status=deferred (host yugi.us
>> [216.9.1.153] said: 451 4.3.0 :
>> Temporary lookup failure (in reply to RCPT
>> TO command))


I'm a bit confused here. The initial entry above says the message to
mail...@yugi.us was relayed via some service (amavis ?) at
127.0.0.1[127.0.0.1]:10024 which queued the message as DCB473FC72. Then
the next entry processing that queue ID says the message to
mail...@yugi.us is deferred because of a failure looking up
cae...@samsi.us which is the sender. It looks like Postfix is trying to
do some sort of sender verification which fails.

To say more, I'd need to see the output of 'postconf -n', but please
note that this list is not the primary support resource for either
Postfix or the Debian/Ubuntu Mailman package. See
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
OK debugging further it turns out /var/lib/mailman/data/virtualman and 
virtualman.db is no longer there …

Dec 22 10:42:24 localhost postfix/trivial-rewrite[4960]: warning: virtual_alias_
domains: hash:/var/lib/mailman/data/virtual-mailman: table lookup problem

Running /var/lib/mailman/bin/genaliases doesn’t create them.

On Dec 22, 2016, at 10:19 AM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:

[resending from right email address]

Hi Mark,

I’m starting from scratch but with the 2.1.23 mailman package found here: 
http://packages.ubuntu.com/zesty/mailman I took the amd64 .deb package 
http://packages.ubuntu.com/zesty/amd64/mailman/download.

I have done the following steps:
- Linuxmint 18 Sarah (Ubuntu 16 flavor)
- LAMP with PHP7 (stock install)
- Postfix and Dovecot (stock install)
- Updated Postfix and Dovecot config file to serve virtual domains (e.g. 
yogi.us and samson.us)
- Downloaded and installed the 2.1.23 mailman package
- Edited /etc/mailman/mm_cfg.py and enabled MTA=Postfix
- Copied /etc/mailman/apache.conf to /etc/apache2/sites-available/mailman.conf
- Used this instead what was in apache.con:

Options +ExecCGI
AddHandler cgi-script .cgi
Options FollowSymLinks
Require all granted

- Enable apache2 cgi module (was not enabled on stock install)
sudo a2enmod cgi
sudo service apache2 restart

http://mail.yugi.us/cgi-bin/mailman/listinfo now produces a nice mailman webpage

Note that Postfix services virtual domain.

Now I follow: 
https://www.gnu.org/software/mailman/mailman-install/postfix-virtual.html
I use:
virtual_alias_maps = ,
 hash:/var/lib/mailman/data/virtual-mailman
instead of the /usr/local/mailman … as that’s not where the mailman package is 
installed.

I now run /var/lib/mailman/genaliases and voila 
/var/lib/mailman/data/virtualman and virtualman.db are generated!

I added, from one of my previous install I had a file called 
/etc/postfix/transport with the content of:
mail.yugi.usmailman:

I sudo reboot just in case.

I send an email to mail...@yugi.us, it arrives in 
postfix and mail.log looks like:
Dec 22 09:50:05 mail amavis[5567]: (05567-08) Passed CLEAN {RelayedOutbound}, 
LOCAL [192.168.1.1]:56325 mailto:cae...@samsi.us>> -> 
mailto:mail...@yugi.us>>, Queue-ID: 6C0733FC22, Message-ID: 
<9035407c-0f0f-4ec1-8e0b-791645c68...@samsi.us>,
 mail_id: 50j8MooSZtlh, Hits: -0.002, size: 307, queued_as: DCB473FC72, 2500 ms

Dec 22 09:50:05 mail postfix/smtp[6025]: 6C0733FC22: 
to=mailto:mail...@yugi.us>>, relay=127.0.0.1[127.0.0.1]:10024, 
delay=2.6, delays=0.1/0.03/0.01/2.5, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as DCB473FC72)

Dec 22 09:50:05 mail postfix/qmgr[5982]: 6C0733FC22: removed

Dec 22 09:50:05 mail postfix/smtp[6031]: DCB473FC72: 
to=mailto:mail...@yugi.us>>, 
relay=yugi.us[216.9.1.153]:25, delay=0.52, 
delays=0.06/0.03/0.07/0.35, dsn=4.3.0, status=deferred (host 
yugi.us[216.9.1.153] said: 451 4.3.0 
mailto:cae...@samsi.us>>: Temporary lookup failure (in reply 
to RCPT TO command))

Nothing happens after "Temporary lookup" failure.

What to do?

Thank you, Caesar.


On Dec 16, 2016, at 10:26 AM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:


Well this certainly might make it easier for me. I'll give the package a try.

Thank you.



Sent from my Samsung Tablet

Mark Sapiro mailto:m...@msapiro.net>> wrote:
On 12/16/2016 08:52 AM, Barry S. Finkel wrote:

As I have written before, one can easily create a Debian/Ubuntu package
for Mailman 2.x based on the SourceForge source.  Contact me for
details.  This will install Mailman in the directories that
Debian/Ubuntu uses, and I assume that installing the package will
overwrite any existing Debian/Ubuntu installation.


Thanks Barry.

Also note there is an article at  that
discusses how to upgrade the Debian/Ubuntu package from source.

Also note that there is a current (2.1.23) Ubuntu Mailman package at
 with links to the .deb for
all supported architectures and similarly for Debian at
.

--
Mark Sapiro mailto:m...@msapiro.net>>The highway is 
for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list 
Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/cmsamsi%40hotmail.com
--
Mailman-Users mailing list 
Mailman-Use

[Mailman-Users] Fwd: Installing http://packages.ubuntu.com/zesty/mailman, stuck at "Temporary failure"

2016-12-22 Thread Caesar Samsi 
[resending from right email address]

Hi Mark,

I’m starting from scratch but with the 2.1.23 mailman package found here: 
http://packages.ubuntu.com/zesty/mailman I took the amd64 .deb package 
http://packages.ubuntu.com/zesty/amd64/mailman/download.

I have done the following steps:
- Linuxmint 18 Sarah (Ubuntu 16 flavor)
- LAMP with PHP7 (stock install)
- Postfix and Dovecot (stock install)
- Updated Postfix and Dovecot config file to serve virtual domains (e.g. 
yogi.us and samson.us)
- Downloaded and installed the 2.1.23 mailman package
- Edited /etc/mailman/mm_cfg.py and enabled MTA=Postfix
- Copied /etc/mailman/apache.conf to /etc/apache2/sites-available/mailman.conf
- Used this instead what was in apache.con:

Options +ExecCGI
AddHandler cgi-script .cgi
Options FollowSymLinks
Require all granted

- Enable apache2 cgi module (was not enabled on stock install)
sudo a2enmod cgi
sudo service apache2 restart

http://mail.yugi.us/cgi-bin/mailman/listinfo now produces a nice mailman webpage

Note that Postfix services virtual domain.

Now I follow: 
https://www.gnu.org/software/mailman/mailman-install/postfix-virtual.html
I use:
virtual_alias_maps = ,
 hash:/var/lib/mailman/data/virtual-mailman
instead of the /usr/local/mailman … as that’s not where the mailman package is 
installed.

I now run /var/lib/mailman/genaliases and voila 
/var/lib/mailman/data/virtualman and virtualman.db are generated!

I added, from one of my previous install I had a file called 
/etc/postfix/transport with the content of:
mail.yugi.usmailman:

I sudo reboot just in case.

I send an email to mail...@yugi.us, it arrives in 
postfix and mail.log looks like:
Dec 22 09:50:05 mail amavis[5567]: (05567-08) Passed CLEAN {RelayedOutbound}, 
LOCAL [192.168.1.1]:56325 mailto:cae...@samsi.us>> -> 
mailto:mail...@yugi.us>>, Queue-ID: 6C0733FC22, Message-ID: 
<9035407c-0f0f-4ec1-8e0b-791645c68...@samsi.us>,
 mail_id: 50j8MooSZtlh, Hits: -0.002, size: 307, queued_as: DCB473FC72, 2500 ms

Dec 22 09:50:05 mail postfix/smtp[6025]: 6C0733FC22: 
to=mailto:mail...@yugi.us>>, relay=127.0.0.1[127.0.0.1]:10024, 
delay=2.6, delays=0.1/0.03/0.01/2.5, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as DCB473FC72)

Dec 22 09:50:05 mail postfix/qmgr[5982]: 6C0733FC22: removed

Dec 22 09:50:05 mail postfix/smtp[6031]: DCB473FC72: 
to=mailto:mail...@yugi.us>>, 
relay=yugi.us[216.9.1.153]:25, delay=0.52, 
delays=0.06/0.03/0.07/0.35, dsn=4.3.0, status=deferred (host 
yugi.us[216.9.1.153] said: 451 4.3.0 
mailto:cae...@samsi.us>>: Temporary lookup failure (in reply 
to RCPT TO command))

Nothing happens after "Temporary lookup" failure.

What to do?

Thank you, Caesar.


On Dec 16, 2016, at 10:26 AM, Caesar Samsi 
mailto:cmsa...@hotmail.com>> wrote:


Well this certainly might make it easier for me. I'll give the package a try.

Thank you.



Sent from my Samsung Tablet

Mark Sapiro mailto:m...@msapiro.net>> wrote:
On 12/16/2016 08:52 AM, Barry S. Finkel wrote:

As I have written before, one can easily create a Debian/Ubuntu package
for Mailman 2.x based on the SourceForge source.  Contact me for
details.  This will install Mailman in the directories that
Debian/Ubuntu uses, and I assume that installing the package will
overwrite any existing Debian/Ubuntu installation.


Thanks Barry.

Also note there is an article at  that
discusses how to upgrade the Debian/Ubuntu package from source.

Also note that there is a current (2.1.23) Ubuntu Mailman package at
 with links to the .deb for
all supported architectures and similarly for Debian at
.

--
Mark Sapiro mailto:m...@msapiro.net>>The highway is 
for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list 
Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/cmsamsi%40hotmail.com
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/cmsamsi%40hotmail.com

--
Mailman-Users mailing list Mailman-

Re: [Mailman-Users] Configure options not known

2016-12-22 Thread Mark Sapiro 
On 12/22/2016 04:47 AM, Matt Morgan wrote:
> 
> I'm going to put that configure command with all its options in the
> org's keepass now :-).


Also, if you keep the source directory, the config command is recorded
in the config.log file.


> Overall I'm really happy with how humane (fast, straightforward,
> understandable) this upgrade method is. Thanks!


I'm glad it worked well for you.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Configure options not known

2016-12-22 Thread Matt Morgan 
Thanks, yes, I looked at the maillog and it was clear about what I needed
to do.

I'm going to put that configure command with all its options in the org's
keepass now :-).

Overall I'm really happy with how humane (fast, straightforward,
understandable) this upgrade method is. Thanks!

On Thu, Dec 22, 2016 at 12:54 AM, Mark Sapiro  wrote:

> On 12/21/2016 07:14 PM, Matt Morgan wrote:
> > On Wed, Dec 21, 2016 at 10:02 PM, Matt Morgan 
> > wrote:
> >>
> >> Unfortunately, local delivery is failing for all (as far as I can tell)
> >> list addresses. What have I done? Any advice welcome.
> >>
> >> Thanks,
> >> Matt
> >>
> >
> > Looks like I need --with-mail-gid=mail. Working on that now.
>
>
> I'm guessing from these that you determined that delivery to list
> addresses was failing because of group mismatch error from the mail
> wrapper and you are addressing that.
>
> Let us know if you need further help.
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/
> mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/
> minxmertzmomo%40gmail.com
>
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org